Comment

Also remember that Google is working with the CIA (more likely with other organizations too), Microsoft with NSA (likely with other orgs too), OpenBSD is and has been compromised for a decade too. All of this is virtually impossible to fix because it's either closed source or those who injected bad code certainly made sure it's not easily discoverable, and IMHO Linux is compromised too because it accounts for like 50% of all servers and common sense implies that the USA government couldn't possibly leave Linux alone since it's the 500-pound gorilla in the server market.
In short, de facto, no matter how bad it sounds, the current state of security is a joke, and btw I'm sure Window$ has even more (much more!) CIA/NSA/FBI back-doors spying crap.

Comment

Since in Windows the code doesn't have to hide (since Window$ is closed source) such code might even have a dedicated API, i.e. the "Windows Spying API", just kidding..

You do know that Microsoft customers can request access to the Windows source code for security audits, don't you? This is kind of a necessity, given that Windows is occasionally used in security-critical places.

Not saying that deliberate backdoors aren't there, but they are probably well-hidden in non-apparent places (like the header and random padding of encrypted packets). This kind of stuff is almost impossible to detect without prior knowledge.

Comment

You do know that Microsoft customers can request access to the Windows source code for security audits, don't you? This is kind of a necessity, given that Windows is occasionally used in security-critical places.

What point is there to audit parts of Windows source code when you still get a binary shipped which could have been compiled using an 'edited' source code?

Comment

You do know that Microsoft can (and will) give them the stripped version of code without the security back-doors, don't you?

This is certainly true.

Most firms, however, will audit the code provided by Microsoft and audit a decompiled version using Hex-Rays Decompiler or some other in-house tool. No serious audit can be done without looking at disassembled machine code. Hex-Rays does produce almost readable pseudo-C code. Obviously for bytecode languages like .NET or Java, decompiling can be much more user readable.